- Application Security
- Data Security
- Protection Against Worms, Viruses, Malware, etc.
- Regulatory Obligation Compliance
- Protection of Brand Equity
- Lower Incident Costs
- Penetration testing and attack surface analysis
- Identification of high-risk code
- Integration of security testing into dev. process
- Security testing using industry standard methods
Security of data, infrastructure and privacy are complex fields involving regulatory/policy issues, advanced technical design, and execution/operations issues. For new projects, implementing security features during the design process is far more effective than attempting to incorporate them downstream in the development process. Most compliance and certification regimes mandate such an approach.
NMX has significant experience with web application security vulnerabilities, as well as an advanced understanding of regulated applications, such as almost anything involving health care data, financial data or personally identifiable information of any kind. Substantial amounts of code we have developed, including enterprise applications comprising thousands of Java classes and hundreds of thousands of lines of code, undergo rigorous vulnerability/penetration testing on a regular basis by independent, globally recognized security firms specializing in the field. All software we develop follows a security-by-design approach and meets all the standards, and we regularly assist our clients in security design, engineering, compliance audits and certifications.
NMX has a penetration test suite consisting of 200+ test cases. We have followed OWASP recommendations in order to create this test suite. Using these generic test cases, we can provide “surface attack” security testing of the web-based application. We also provide a complete security analysis by inspecting the source code. We use a variety of manual and automated tests to inspect source code, which identifies some of the attack vectors that are hard or impossible to find by attacking Internet-facing ports alone.
Our test case suite covers the following security vulnerabilities:
- Access Control
- Business Logic
- Cross Site Scripting
- Data Protection
- Data Protection Transport
- Error Handling
- Input Validation
- Session Management
- SQL Injection
- Distributed Denial of Service